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PRELIMINARY AMENDMENT 

Sir: 

Applicant respectfully requests the Examiner to enter the following 
amendments. 
IN THE CLAIMS : 

Please amend the claims as follows: 

1. A method for operating a conditional access system for broadcast applications, 
said conditional access system comprising a number of subscribers, each-subscriber 
having a terminal including a conditional access module and a secure device to store 
entitlements, wherein a source signal is encrypted using a first key (Cw), said first key 
(Cw) being changed at a high rate, said encrypted source signal being broadcasted for 
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receipt by the terminals, wherein entitlement control messages (EClVTs) are sent to the 
secure devices, said ECM's comprising the first keys (Cw) encrypted using a service key 
(Pt), wherein entitlement management messages (EMM's) are sent to the secure device 
providing the service key (Pt) required to decrypt encrypted first keys (Cw), wherein a 
cracked secure device which is used in an unauthorized manner is traced by sending 
different keys required to obtain the first keys to different terminals or groups of 
terminals and monitoring the key information provided by a pirate, wherein search 
EMM's are sent to at least a part of the terminals, said search EMM's providing at least 
the service key (Pt) and a dummy key (Pdi or Pd2), at least the search EMM's 
comprising identifiers identifying the keys (Pt and Pdi or Pm), wherein first search 
EMM's with the keys (Pt and Pdi) are sent to a first part of the terminals and second 
search EMM's with the keys (Pt and Pd2) are sent to a second part of the terminals, 
wherein an ECM identifying the service key (Pt) to be used to decrypt the encrypted 
first key (Cw), is sent to all secure devices just before the first key (Cw) is needed to 
decrypt the source signal. 

2. A method according to claim 1, wherein the encrypted source signal comprises a 
stream of data packets, wherein successive groups including at least one data packet, 
are encrypted using successive first key (Cwi, Cw2,. . ., Cwi,. . .,Cwn), each data packet 
having a flag indicating the first key (Cwi) to be used for decrypting the data packet, 
wherein in stead of an ECM identifying the service key (Pt) an ECM identifying a 
dummy key (Pdi or Pd2) to be used identifying a dummy key (Cwi), is sent to the secure 
devices of the first and second parts of the terminals, respectively, just before the first 
key (Cwi) is needed to decrypt the source signal, whereas the data packet is encrypted 
using the previous first key (Cwi-i). 
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3. A method according to claim 1, wherein a set of search EMM's is sent to the 
terminals, each search EMM providing two keys (Pt and Pdi, PT and Pd2,. . Pt and 
Pon). 



4. A method for operating a conditional access system for broadcast applications, 
said conditional access system comprising a number of subscribers, each subscriber 
having a terminal including a conditional access module and a secure device to store 
entitlements, wherein a source signal is encrypted using a first key (Cw), said first key 
(Cw) being changed at a high rate, said encrypted source signal being broadcasted for 
receipt by the terminals, wherein entitlement control messages (ECM's) are sent to the 
secure devices, said ECM's comprising the first keys (Cw) encrypted using a service key 
(Pt), wherein entitlement management messages (EMM's) are sent to the secure device 
providing the service key (Pt) required to decrypt encrypted first keys (Cw), wherein a 
cracked secure device which is used in an unauthorized manner is traced by sending 
different keys required to obtain the first keys to different terminals or groups of 
terminals and monitoring the key information provided by a pirate, wherein a set of 
search EMM's is sent to at least a part of the terminals, each search EMM of the set 
comprising a different dummy key (Pd) and each EMM being sent to a different part of 
the terminals. 

5. A method according to claim 3, wherein the terminals are divided into groups, 
wherein in a first search step the number of search EMM's of the set of search EMM's 
corresponds to the number of groups. 

6. A method for operating a conditional access system for broadcast applications, 
said conditional access system comprising a number of subscribers, each subscriber 
having a terminal including a conditional access module and a secure device to store 
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entitlements, wherein a source signal is encrypted using a first key (Cw), said first key 
(Cw) being changed at a high rate, said encrypted source signal being broadcasted for 
receipt by the terminals, wherein entitlement control messages (ECM's) are sent to the 
secure devices, said ECM's comprising the first keys (Cw) encrypted using a service key 
(Pt), wherein entitlement management messages (EMM's) are sent to the secure device 
providing the service key (Pt) required to decrypt encrypted first keys (Cw), wherein a 
cracked secure device which is used in an unauthorized manner is traced by sending 
different keys required to obtain the first keys to different terminals or groups of 
terminals and monitoring the key information provided by a pirate, wherein the source 
signal or the ECM's are encrypted using a multiple-key or secret-sharing cryptographic 
algorithm having a plurality of different decrypting keys or shares (G;Pi) required for 
decrypting the encrypted source signal or ECM's respectively, wherein said plurality of 
different decrypting keys or shares (G;Pi) are sent to at least a part of the terminals such 
that different terminals or groups of terminals receive different keys or shares (G;Pi) 
according to a predetermined distribution. 

7. A method according to claim 1, wherein the distribution of the terminals in 
groups of terminals is varied to trace the cracked secure device. 
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REMARKS 



If there are any additional charges, please charge Deposit Account No. 02-2666. 
If a telephone interview would in any way expedite the prosecution of the present 
application, the Examiner is invited to contact Andre L. Marais at (408) 947-8200. 

Respectfully submitted, 

Blakely, Sokoloff, Taylor & Zafman LLP 



Dated: ^/^/ / , 2001 

Andre L. Marais 
Reg. No. 48,095 

12400 WilshireBlvd. 
Seventh Floor 

Los Angeles, CA 90025-1026 
(408) 947-8200 
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VERSION OF SPECIFICATION AND CLAIMS WITH MARKINGS : 



IN THE CLAIMS : 

Please amend the claims as follows: 

4. (Amended) [Method] A method for operating a conditional access system for 
broadcast applications, said conditional access system comprising a number of 
subscribers, each subscriber having a terminal including a conditional access module 
and a secure device [for storing] to store entitlements, wherein a source signal is 
encrypted using a first key (Cw), said first key (Cw) being changed at a high rate, said 
encrypted source signal being broadcasted for receipt by the terminals, wherein 
entitlement control messages (ECM's) are sent to the secure devices, said ECM's 
comprising the first keys (Cw) encrypted using a service key (Pt), wherein entitlement 
management messages (EMM's) are sent to the secure device providing the service key 
(Pt) required to decrypt encrypted first keys (Cw), wherein a cracked secure device 
which is used in an unauthorized manner is traced by sending different keys required 
to obtain the first keys to different terminals or groups of terminals and monitoring the 
key information provided by a pirate, [characterized in that] wherein search EMM's are 
sent to at least a part of the terminals, said search EMM's providing at least the service 
key (Pt) and a dummy key (Pdi or Pd2), at least the search EMM's comprising identifiers 
identifying the keys (Pt and Pdi or Pd2), wherein first search EMM's with the keys (Pt 
and Pdi) are sent to a first part of the terminals and second search EMM's with the keys 
(Pt and Pd2) are sent to a second part of the terminals, wherein an ECM identifying the 
service key (Pt) to be used to decrypt the encrypted first key (Cw), is sent to all secure 
devices just before the first key (Cw) is needed to decrypt the source signal. 

5. (Amended) [Method] A method according to claim 1, wherein the encrypted 
source signal comprises a stream of data packets, wherein successive groups including 
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at least one data packet, are encrypted using successive first key (Cwi, Cw2,- . 
Cwi,. . .,Cwn), each data packet having a flag indicating the first key (Cwi) to be used for 
decrypting the data packet, wherein in stead of an ECM identifying the service key (Pt) 
an ECM identifying a dummy key (Pdi or Pd2) to be used identifying a dummy key 
(Cwi), is sent to the secure devices of the first and second parts of the terminals, 
respectively, just before the first key (Cwi) is needed to decrypt the source signal, 
whereas the data packet is encrypted using the previous first key (Cwm). 

6. (Amended) [Method] A method according to claim 1 [or 2], wherein a set of 
search EMM's is sent to the terminals, each search EMM providing two keys (Pt and 
Pdi, PT and P D 2,. . - , Pt and Pon). 

4. (Amended) [Method according to the preamble of claim 1,] A method for 
operating a conditional access system for broadcast applications, said conditional access 
system comprising a number of subscribers, each subscriber having a terminal 
including a conditional access module and a secure device to store entitlements, 
wherein a source signal is encrypted using a first key (Cw), said first key (Cw) being 
changed at a high rate, said encrypted source signal being broadcasted for receipt by 
the terminals, wherein entitlement control messages (ECM's) are sent to the secure 
devices, said ECM's comprising the first keys (Cw) encrypted using a service key (Pt), 
wherein entitlement management messages (EMM's) are sent to the secure device 
providing the service key (Pt) required to decrypt encrypted first keys (Cw), wherein a 
cracked secure device which is used in an unauthorized manner is traced by sending 
different keys required to obtain the first keys to different terminals or groups of 
terminals and monitoring the key information provided by a pirate, wherein a set of 
search EMM's is sent to at least a part of the terminals, each search EMM of the set 



7 



Docket No.: 5683P013 



comprising a different dummy key (Pd) and each EMM being sent to a different part of 
the terminals. 

5. (Amended) [Method] A method according to claim 3 [or 4], wherein the 
terminals are divided into groups, wherein in a first search step the number of search 
EMM's of the set of search EMM's corresponds to the number of groups. 

6. (Amended) [Method according to the preamble of claim 1,] A method for 
operating a conditional access system for broadcast applications, said conditional access 
system comprising a number of subscribers, each subscriber having a terminal 
including a conditional access module and a secure device to store entitlements, 
wherein a source signal is encrypted using a first key (Cw), said first key (Cw) being 
changed at a high rate, said encrypted source signal being broadcasted for receipt by 
the terminals, wherein entitlement control messages (ECM's) are sent to the secure 
devices, said ECM's comprising the first keys (Cw) encrypted using a service key (Pt), 
wherein entitlement management messages (EMM's) are sent to the secure device 
providing the service key (Pt) required to decrypt encrypted first keys (Cw), wherein a 
cracked secure device which is used in an unauthorized manner is traced by sending 
different keys required to obtain the first keys to different terminals or groups of 
terminals and monitoring the key information provided by a pirate, wherein the source 
signal or the ECM's are encrypted using a multiple-key or secret-sharing cryptographic 
algorithm having a plurality of different decrypting keys or shares (G;Pi) required for 
decrypting the encrypted source signal or ECM's respectively, wherein said plurality of 
different decrypting keys or shares (G;Pi) are sent to at least a part of the terminals such 
that different terminals or groups of terminals receive different keys or shares (G;Pi) 
according to a predetermined distribution. 
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7. (Amended) [Method] A method according to [any one of the preceding claims] 
claim 1, wherein the distribution of the terminals in groups of terminals is varied to 
trace the cracked secure device. 
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